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Abstract 

Much research in program optimization has focused on for¬ 
mal approaches to correctness: proving that the meaning 
of programs is preserved by the optimisation. Paradoxi¬ 
cally, there has been comparatively little work on formal 
approaches to efficiency: proving that the performance of op¬ 
timized programs is actually improved. This paper addresses 
this problem for a general-purpose optimization technique, 
the worker/wrapper transformation. In particular, we use 
the call-by-need variant of improvement theory to establish 
conditions under which the worker/wrapper transformation 
is formally guaranteed to preserve or improve the time per¬ 
formance of programs in lazy languages such as Haskell. 

Categories and Subject Descriptors D.1.1 [Program¬ 
ming Techniques]: Applicative (Functional) Programming 

Keywords general recursion; improvement 

1. Introduction 

To misquote Oscar Wilde “functional programmers 

know the value of everything and the cost of nothing”U. 
More precisely, the functional approach to programming 
emphasises what programs mean in a denotational sense, 
rather than what programs do in terms of their operational 
behaviour. For many programming tasks this emphasis is 
entirely appropriate, allowing the programmer to focus on 
the high-level description of what is being computed rather 
than the low-level details of how this is realised. However, 
in the context of program optimisation both aspects play 
a central role, as the aim of optimisation is to improve 
the operational performance of programs while maintaining 
their denotational correctness. 

A research paper on program optimisation therefore 
should justify both the correctness and performance aspects 
of the optimisation described. There is a whole spectrum of 
possible approaches to this, ranging from informal tests and 
benchmarks [|H3j, to tool-based methods such as property- 


1 The general form of this misquote is due to Alan Perlis, who 
originally said it of Lisp programmers. 



ICFP ’14, September 1-6, 2014, Gothenburg, Sweden. 

Copyright is held by the owner/author(s). Publication rights licensed 
to ACM. 

ACM 978-1-4503-2873-9 /14/09...S15.00. 
http://dx.doi.org/10.1145/2628136.2628142 


based testing [§| and space/time profiling |mJ, all the way 
up to formal mathematical proofs |17|. For correctness, it is 
now becoming standard to formally prove that an optimisa¬ 
tion preserves the meaning of programs. For performance, 
however, the standard approach is to provide some form of 
empirical evidence that an optimisation improves the effi¬ 
ciency of programs, and there is little published work on 
formal proofs of improvement. 

In this paper, we aim to go some way toward redress¬ 
ing this imbalance in the context of the worker/wrapper 
transformation Jij , putting the denotational and operational 
aspects on an equally formal footing. The worker/wrapper 
transformation is a general purpose optimisation technique 
that has already been formally proved correct, as well as 
being realised in practice as an extension to the Glasgow 
Haskell Compiler [g6|. In this paper we formally prove that 
this transformation is guaranteed to preserve or improve 
time performance with respect to an established operational 
theory. In other words, we show that the worker/wrapper 
transformation never makes programs slower. Specifically, 
the paper makes the following contributions: 


We show how Moran and Sands’ work on call-by-need im¬ 
provement theory |15| can be applied to formally justify 
that the worker/wrapper transformation for least fixed 
points preserves or improves time performance; 

We present preconditions that ensure the transformation 
improves performance in this manner, which come natu¬ 
rally from the preconditions that ensure correctness; 

We demonstrate the utility of the new theory by verify¬ 
ing that examples from previous worker/wrapper papers 
indeed exhibit a time improvement. 


The use of call-by-need improvement theory means that 
our work applies to lazy functional languages such as 
Haskell. Traditionally, the operational beheaviour of lazy 
evaluation has been seen as difficult to reason about, but 
we show that with the right tools this need not be the case. 
To the best of our knowledge, this paper is the first time that 
a general purpose optimisation method for lazy languages 
has been formally proved to improve time performance. 

Improvement theory does not seem to have attracted 
much attention in recent years, but we hope that this pa¬ 
per can help to generate more interest in this and other 
techniques for reasoning about lazy evaluation. Whereas in 
many papers calculations and proofs are often omitted or 
compressed for reasons of brevity, in this paper they are the 
central focus, so are presented in detail. 
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2. Example: Fast Reverse 

We shall begin with an example that motivates the rest of 
the paper: transforming the naive list reverse function into 
the so-called “fast reverse” function. This transformation 
is an instance of the worker/wrapper transformation, and 
there is an intuitive, informal justification of why this is an 
optimisation. Here we give this non-rigorous explanation; 
the remainder of this paper will focus on building the tools 
to strengthen this to a rigorous argument. 

We start with a naive definition of the reverse function, 
which takes quadratic time to run as each append -H- takes 
time linear in the length of its left argument: 
reverse :: [a] [a] 

reverse [] **{] 

reverse (x : xs) = reverse xs -H- [x] 

We can write a more efficient version by using a worker 
function revcat with a wrapper around it that simply applies 
the worker function with [] as the second argument: 
reverse' :: [a] —> [a] 
reverse' xs = revcat xs [ ] 

The specification for the worker revcat is as follows: 
revcat :: [o] —> [a] —> [a] 
revcat xs ys = reverse xs -H- ys 

Prom this specification we can calculate a new definition 
that does not depend on reverse. Because reverse is defined 
by cases, we will have one calculation for each case. 

Case for []: 

revcat [] ys 

= { specification of revcat } 

reverse [] -H- ys 

— { definition of reverse } 

[] -H- ys 

= { definition of -H- } 

ys 

Case for (x : xs): 

revcat (x : xs) ys 
= { specification of revcat } 

reverse (x : xs) -H- ys 
= { definition of reverse } 

(reverse xs -H- [z]) -H- ys 

— { associativity of -H- } 
reverse xs -H- ([x] -H- ys) 

= { definition of -H- } 

reverse xs -H- (x : ys) 

= { specification of revcat } 

revcat xs (x : ys) 

Note the use of associativity of -H- in the third step, which 
is the only step not simply by definition or specification. 
Left-associated appends such as (xs -H- ys) -H- zs are less 
time-efficient than the equivalent right-associated appends 
a;s-H-(?/s-H-2s), as the former traverses xs twice. The intuition 
here is that the efficiency gain from this step in the proof 
carries over in some way to the rest of the proof, so that 
overall our calculated definition of revcat is more efficient 
than its original specification. The calculation gives us the 
following definition, which runs in linear time: 


reverse xs = revcat xs [ ] 

revcat [ ] ys = ys 

revcat (x : xs) ys = revcat xs (x : ys) 

Unfortunately, there are a number of problems with this 
approach. Firstly, we calculated revcat using the fold-unfold 
style of program calculation |g|. This is an informal calcu¬ 
lation, which fails to guarantee total correctness. Thus the 
resulting reverse function may fail in some cases where the 
original succeeded. Secondly, while we are applying the com¬ 
mon pattern of factorising a program into a worker and a 
wrapper, the reasoning we use is ad-hoc and does not take 
advantage of this. We would like to abstract out this pattern 
to make future applications of this technique more straight¬ 
forward. Finally, while intuitively we can see an efficiency 
gain from the use of associativity of -H-, this is not a rigor¬ 
ous argument. Put simply, we need rigorous proofs of both 
correctness and improvement for our transformation. 

3. Worker/Wrapper Transformation 

The worker/wrapper transformation, as originally formu¬ 
lated by Gill and Hutton (j|, allowed a function written using 
general recursion to be split into a recursive worker function 
and a wrapper function that allows the new definition to be 
used in the same contexts as the original. The usual applica¬ 
tion of this technique would be to write the worker to use a 
different type than the original program that supports more 
efficient operations, thus hopefully resulting in a more effi¬ 
cient program overall. Gill and Hutton gave conditions for 
the correctness of the transformation; here we present the 
more general theory and correctnesss conditions recently de¬ 
veloped by Sculthorpe and Hutton [gof . 

3.1 The Fix Theory 

The idea of the worker/wrapper transformation for fixed- 
points is as follows. Given a recursive program prog of some 
type A, we can write prog as some function / of itself: 
prog :: A 
prog = f prog 

We can rewrite this definition so that it is explicitly written 
using the well-known fixpoint operator fix: 

fix :: (a — > a) — > a 
fix /= / (fix /) 

resulting in the following definition: 
prog = fix / 

Next, we write functions abs :: B —> A and rep:-. A B that 
allow us to convert from the original type A to some other 
type B that supports more efficient operations. We finish by 
constructing a new function g : B —»• B that allows us to 
rewrite our original definition of prog as follows: 
prog = abs (fix g) 

Here abs is the wrapper function, while fix g is the worker. 
The pattern of the worker/wrapper transformation can be 
captured by a theorem that expresses, necessary and suffi¬ 
cient conditions for its correctness |g5[. This theorem has 
assumptions that express the required relationship between 
the functions abs and rep, and conditions that provide a 
specification for the function g in terms of abs, rep and f. 
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Theorem 1 (Worker/Wrapper Factorisation). 
Given 

abs : B—¥ A f : A —> A 
rep : A -4 B g : B -4 B 

satisfying one of the assumptions 

(A) abs o rep = id,A 

(B) abs o rep of = f 

(C ) fix ( abs o rep o f) = fix / 


From these functions it is straightforward to create the 
actual abs and rep functions. These convert between the 
original function type [a] —1 [a] and a new function type 
[a] -4 DiffList a where the returned value is represented as 
a difference list, rather than a regular list: 
rep :: ([a] -4 [a]) -4 ([a] -4 DiffList a) 
rep h = toDiffo h 

abs :: ([a] -4 DiffList a) -4 ([a] -4 [a]) 
abs h = fromDiffo h 


and one of the conditions 

(1) g= rep o fo abs (1/3) fix g = fix (repofo abs) 

(2) go rep = rep o f (2/3) fix g = rep (fix f) 

(3) fo abs = abs o g 

we have the factorisation 
fix / = abs (fix g) 

The different assumptions and conditions allow one to 
choose which will be easiest to verify. 

3.2 Proving Fast Reverse Correct 

Recall once again the naive definition of reverse: 
reverse :: [a] —► [a] 

reverse [] = [] 

reverse (x : xs) = reverse xs -H- [x] 

As we mentioned before, this naive implementation is inef¬ 
ficient due to the use of the append operation -H-. We would 
like to use worker/wrapper factorisation to improve it. The 
first step is to rewrite the function using fix: 


Assumption (A) holds trivially: 
abs (rep h) 

= { definitions of abs and rep } 

fromDiffo toDiffo h 
= { fromDiffo toDiff= id} 

h 

Now we must verify that the definition of revcat that we 
calculated in the previous section 
revcat [ ] ys = ys 
revcat (x : xs) ys = revcat xs (x : ys) 
satisfies one of the worker/wrapper conditions. We first 
rewrite revcat as an explicit fixed point. 
revcat — fix ret/ 

rev' h [ ] ys = ys 

reif h (x : xs) ys = hxs (x : ys) 

We now verify condition (2), reif o rep = rep o rev , which 
expands to reif (rep r) xs = rep (rev r) xs. We calculate 
from the right-hand side, performing case analysis on xs. 
Firstly, we calculate for the case when xs is empty: 


rev r [ ] 
rev r (x 


= fix rev 

, ([a] -4 [a]) ^ ([«] [«B 

-II 

= r xs -H- [x] 


The next step in applying worker/wrapper is to select 
a new type to replace the original type [a] -4 [a], and to 
write abs and rep functions to perform the conversions. We 
can represent a list xs by its difference list Xys —> xs -H- ys, 
as first demonstrated by Hughes [^2[. Difference lists have 
the advantage that the usually costly operation of -H- can be 
implemented with function composition, typically leading to 
an increase of efficiency. We write the following functions to 
convert between the two representations: 


type DiffList a = [a] -4 [a] 
toDiff :: [a] -4 DiffList a 

toDiff xs = Xys -4 xs -H- ys 

fromDiff :: DiffList a—> [a] 

fromDiff h = h [ ] 

We have fromDiffo toDiff = id: 


fromDiff (toDiff xs) 

= { definition of toDiff } 

fromDiff (Xys -4 xs -tf ys) 

— { definition of fromDiff } 

(Xys -4 xs -H- ys) [] 

= { /3-reduction } 

xs-H- [] 

= { [] is identity of -H- } 


rep (revr) [] 

tm { definition of rep } 
toDiff (rev r []) 

= { definition of rev } 

toDiff [] 

= { definition of toDiff } 

Xys -4 [] -H- ys 
= { [ ] is identity of -H- } 

Xys -4 ys 

— { definiton of rev } 
reif (rep r) [J 

and then for the case where xs is non-empty: 
rep (rev r) (x : xs) 

— { definition of rep } 
toDiff (rev r (x : xs)) 

— { definition of rev } 
toDiff (rxs^(x\) 

= { definition of toDiff } 

Xys -4 (rxs-H- [a?]) -H- ys 

— { associativity and definition of 4t- } 

Xys rxs- H- (s : ys) 

= { definition of toDiff } 

Xys -4 toDiff (r xs) (x : ys) 

= { definition of rep } 

Xys -4 rep r xs (x : ys) 

= { definition of reif } 

reif (rep r) (x : xs) 

For total correctness on infinite lists we must also verify the 
condition holds for the undefined value _L: 
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rep (rev r) X 

= { definition of rep } 

toDiff (rev r X) 

= { rev pattern matches on second argument } 

toDiff X 

= { definition of toDiff } 

A ys -+i-H -ys 

- { -H- strict in first argument } 

A ys -*• X 

= { ret/ pattern matches on second argument } 

red (rep r) X 

Now that we know our rev' satisfies condition (2), we have 
a new definition of reverse 

reverse = abs revcat = fromDiffo revcat 
which eta-expands as follows: 
reverse xs = revcat xs [ ] 

revcat [] ys = ys 
revcat (x : xs) ys = revcat xs (x : ys) 

The end result is the same improved definition of reverse we 
had before. Thus the worker/wrapper theory has allowed us 
to formally verify the correctness of our earlier transforma¬ 
tion. Furthermore, the use of a general theory has allowed 
us to avoid the need for induction which would usually be 
needed to reason about recursive definitions. 

4. Improvement Theory 

Thus far we have only reasoned about correctness. In or¬ 
der to develop a worker/wrapper theory that can prove effi¬ 
ciency properties, we need an operational theory of program 
improvement. More than just expressing extensional infor¬ 
mation, this should be based on intensional properties of 
resources that a program requires. For the purpose of this 
paper, the resource we shall consider is execution time. 

We have two main design goals for our operational theory. 
Firstly, it ought to be based on the operational semantics 
of a realistic programming language, so that conclusions 
we draw from it are as applicable as possible. Secondly, 
it should be amenable to techniques such as (in)equational 
reasoning, as these are the techniques we used to apply the 
worker/wrapper correctness theory. 

For the first goal, we use a language with similar syntax 
and semantics to GHC Core, except that arguments to 
functions are required to be a tomic, as was the case in earlier 
versions of the language [goj. (Normalisation of the current 
version of GHC Core into this form is straightforward.) The 
language is call-by-need, reflecting the use of lazy evaluation 
in Haskell. The efficiency behaviour of call-by-need programs 
is notoriously counterintuitive. Our hope is that providing 
formal techniques for reasoning about call-by-need efficiency 
we will go some way toward easing this problem. 

For the second goal, our theory must be based around 
relation R that is a preorder, as transitivity and reflexivity 
are necessary for inequational reasoning to be valid. Fur¬ 
thermore, to support reasoning in a compositional manner, 
it is essential to allow substitution. That is, given terms M 
and N, if M R N then C [M] R C[N] should also hold 
for any context C. A relation R that satisfies both of these 
properties is called a precongruence. 

A naive approach to measuring execution time would be 
to simply count the number of steps taken to evaluate a 
term to some normal form, and consider that a term M 


is more efficient than a term N if its evaluation finishes 
in fewer steps. The resulting relation is clearly a preorder; 
however it is not a precongruence in a call-by-need setting, 
because meaningful computations can be done with terms 
that are not fully normalised. For example, just because M 
normalises and N does not, it does not follow that M is 
necessarily more efficient in all contexts. 

The approach we use is due to Moran and Sands |l5| . 
Rather than counting the steps taken to normalise a term, 
we compare the steps taken in all contexts, and only say 
that M is improved by N if for any context C, the term 
C[M] requires no more evaluation steps than the term <C[1V]. 
The result is a relation that is trivially a precongruence: 
it inherits transitivity and reflexivity from the numerical 
ordering and is substitutive by definition. 

Improvement theory [|23| wasuniginally developed for 
call-by-name languages by Sands [|2lJ] . The remainder of this 
section presents the call-by=need time improvement theory 
due to Moran and Sands |^5[, which will provide the setting 
for our operational worker/wrapper theory. The essential 
difference between call-by-name and call-by-need is that the 
latter implements a sharing strategy, avoiding the repeated 
evaluation of terms that are used more than once. 

4.1 Operational Semantics of the Core Language 

We shall begin by presenting the operational model that 
forms the basis of this improvement theory. iEhe semantics 
presented here are originally due to Sestoft |£7| . 

We start from a set of variables Var and a set of construc¬ 
tors Con. We assume all constructors have a fixed arity. The 
grammar of terms is as follows: 
x,y,z £ Var 
c e Con 
M,N::=x 

| Xx—tM 
j M x 

| let { a? = M } in IV 
| case M of {a x) ^ Ni} 

We use x = M as a shorthand for a fist of bindings of the 
form x = M. Similarly, we use Ci Xi —>• JVj as a shorthand 
for a list of cases of the form c x —> N. All constructors 
are assumed to be saturated, that is, we assume that any 
x that is the operand of a constructor c has length equal 
to the arity of c. Literals are represented by constructors of 
arity 0. We treat a-equivalent terms as identical. 

A term is a value if it is of the form c x or Xx —> M. In 
Haskell this is referred to as a weak head normal form. We 
shall use letters such as V, W to denote value terms. 

Term contexts take the following form, with substitution 
defined in the obvious way. 

C,B ::=[-] 

Az-J-C 
| Ci 

| let {£ = C} in ID) 

cased of {c* x) -S-D*} 

A value context is a context that is either a lambda abstrac¬ 
tion or a constructor applied to variables. 

The restriction that the arguments of functions and con¬ 
structors always be variables has the effect that all bindings 



<r {x=M},x,S) 
F,v,#x : S) 

(r, m x, S) 

(r, Ax—*M,y : S) 

(r, case M of alts, S) 

(r ,Cj y,{ci Xi -> Ni} : S) 
(r,let {x = M} in N, S) 


(T, M, #x : S) 
(T{x= V},V,S) 
(T, M,x : S) 

(r, M [y / x\, S) 

(r, M, alts : S) 

(r, Nj [y/xi],S) 
(r {x = M},N,S) 


{ Lookup} 
{ Update } 
{ Unwind } 
{ Subst } 

{ Case } 

{ Branch } 
{ Letrec } 


Figure 1. The call-by-need abstract machine 


made during evaluation must have been created by a let. 
Sometimes we will use M N (where N is not a variable) as 
a shorthand for let { x = N } in M x, where x is fresh. We 
use this shorthand for both terms and contexts. 

An abstract machine for executing terms in the language 
maintains a state (T, M, S) consisting of: a heap T, given by a 
set of bindings from variables to terms; the term M currently 
being evaluated; the evaluation stack S, given by a list of 
tokens used by the abstract machine. The machine works 
by evaluating the current term to a value, and then decides 
what to do with the value based on the top of the stack. 
Bindings generated by let constructs are put on the heap, 
and only taken off when performing a LOOKUP. A LOOKUP 
executes by putting a token on the stack representing where 
the term was looked up, and then evaluating that term to 
value form before replacing it on the heap. In this way, each 
binding is only ever evaluated at most once. The semantics 
of the machine is given in Figure |lj. Note that the Letrec 
rule assumes that x is disjoint from the domain of T; if not, 
we need only a-rename so that this is the case. 

4.2 The Cost Model and Improvement Relations 

Now that we have a semantics for our model, we must 
devise a cost model for this semantics. The natural way 
to do this for an operational semantics is to count steps 
taken to evaluate a given term. We use the notation MjT to 
mean the abstract machine progresses from the initial state 
(0, M, e) to some final state (T, V, e) with n occurences of the 
Lookup step. It is sufficient to count Lookup steps because 
the total number of steps is bounded by a linear function of 
the number of Lookup steps |15|. Furthermore, we use the 
notation Ml^ n to mean that for some m < n. 

From this, we can define our improvement relation. We 
say that “M is improved by N”, written M > N, if the 
following statement holds for all contexts C: 

C[M]+ m =k C [N}f m 

In other words, a term M is improved by a term NUN 
takes no more steps to evaluate than M in all contexts. 
That this relation is a congruence follows immediately from 
the definition, and that it is a preorder follows from the fact 
that < is itself a preorder. We sometimes write M < N for 
N j> M. If both M > N and M < N, we write M <®> N and 
say that M and N are cost-equivalent. 

For convenience, we define a “tick” operation on terms 
that adds exactly one unit of cost to a term: 

/ M = let {x = M} in x { where x is free in M } 

This definition for •/ M takes exactly two steps to evaluate 
to M : one to add the binding to the heap, and the other to 
look it up. Only one of these steps is a Lookup step, so the 
result is that the cost of evaluating the term is increased by 
exactly one. Using ticks allows us to annotate terms with in¬ 


dividual units of cost, allowing us to use rules to “push” cost 
around a term, making the calculations more convenient. 
We could also define the tick operation by adding it to the 
grammar of terms and modifying the abstract machine and 
cost model accordingly, but this definition is equivalent. We 
have the following law: ■/M j> M. 

The improvement relation j> covers when one term is at 
least as efficient as another in all contexts, but this is a very 
strong statement. We use the notion of “weak improvement” 
when one term is at least as efficient as another within a 
constant factor. Specifically, we say M is weakly improved 
by N, written M jg N, if there exists a linear function 
f(x) = kx + c (where k, c > 0) such that the following 
statement holds for all contexts C: 

C[i\4T=k C[ATf4. </(m) 

This can be read as “replacing M with N may make pro¬ 
grams worse, but cannot make them asymptotically worse”. 
We use symbols <g and <t> for inverse and equivalence anal¬ 
ogously as for standard improvement. 

Because weak improvement ignores constant factors, we 
have the following tick introduction/elimination law: 

/M 

It follows from this that any improvement M > N can be 
weakened to a weak improvement M 1 ^ N 1 where M' and N' 
denote the terms M and N with all the ticks removed. 

The last notation we define is entailment, which is used 
when we have a chain of improvements that all apply with 
respect to a particular set of definitions. Specifically, where 
T — {.-i: — V } is a list of bindings, we write: 

L b Mi j> M 2 >•■•!> M n 
to mean: 

let T in Ml > let r in M 2 > ... > let T in M n 
4.3 Selected Laws 

We finish this section with a selection of laws taken from 
The first two are /3-reduction rules. The following cost equiv¬ 
alence holds for function application: 

(A x^M)y<^M\y/x\ 

This holds because the abstract machine evaluates the left- 
hand-side to the right-hand-side without performing any 
Lookups, resulting the same heap and stack as before. Note 
that the substitution is variable-for-variable, as the grammar 
for our language requires that the argument to function 
application always be a variable. 

In general, where a term M can be evaluated to a term 
M' , we have the following relationships: 

M £ M 

M 1 <> M 
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The latter fact may be non-obvious, but it holds because 
evaluating a term will produce a constant number of ticks, 
and tick-elimination is a weak cost-equivalence. In this man¬ 
ner we can see that partial evaluation by itself will never save 
more than a constant-factor of time. 

The following cost equivalence allows us to substitute a 
variable for its binding. However, note that this is only valid 
for values, as bindings to other terms will be modified in the 
course of execution. We thus call this rule value-fl. 
let {x= V,y = <£[x]} inD[i] 

<> 

~let {x= V,y = C[/F]}inB[/FJ 

The following law allows us to move let bindings in and 
out of a context when the binding is to a value. Note that 
we assume that x does not appear free in C, which can be 
ensured by a-renaming, and that no free variables in V are 
captured in C. We call this rule value let-floating. 

C[let {a: = V} in M] <> let {x = V} in C[M] 

We also have a garbage collection law allowing us to 
remove unused bindings. Assuming that x is not free in N 
or L, we have the following cost equivalence: 

let {x= M\y = N} in L <[> let {y = N} in L 

The final law we present here is the rule of improvement 
induction. The version that we present is stronger than the 
version in [^5[ , but can be obtained by a simple modification 
of the proof given there. For any set of value bindings F and 
context C, we have the following rule: 

r h m > /c [M] r h /c[w] > n 
r b ai > n 

This allows us to prove an M > N simply by finding a 
context C where we can “unfold” M to /C [M] and “fold” 
/C[iV] to N. In other words, the following proof is valid: 

FhM 

~/C [M] 

> { hypothesis } 

~ /C[!V] 

~ N 

In this way the technique Js .similar to proof principles 
such as guarded coinduction [JdJ, g8|. 

As a corollary to this law, we have the following law for 
cost-equivalence improvement induction. For any set of value 
bindings T and context C, we have: 

r h m <> /c [M] r h /c[iv] n 
r h m <> n 

The proof is simply to start from the assumptions and make 
two applications of improvement induction: first to prove 
M j> N, and second to prove N t> M. 

5. Worker/Wrapper and Improvement 

In this section, we prove a factorisation theorem for im¬ 
provement theory analogous to the worker/wrapper fac¬ 
torisation theorem given in section p.l[ Before we do this, 
however, we must prove two preliminary results: a rolling 
rule and a fusion rule. Rolling and fusion are central to 
the worker/wrapper transformation [J7|, fU|, so it is only 
natural that we would need versions of these to apply 
worker/wrapper transformation in this context. 


5.1 Preliminary Results 

The first rule we prove is the rolling rule, so named because 
of its similarity to the rolling rule for least-fixed points. In 
particular, for any pair of value contexts F, G, we have the 
following weak cost equivalence: 

let {i=F[G[i]]}inG[x] let (a: = G[F[x]]} in x 

The proof begins with an application of cost-equivalence 
improvement induction. We let F m {x = F[/G[x]],y = 
G[/F[y]]}, M = /G[z], N = y, C = G[/F[-]j. The 
premises of induction are proved as follows: 

T\-M 

m { definitions } 

/G[z] 

<it> { value-/3 } 

~/G[/F[/G[z]]] 

S { definitions } 

SC[M] 

rh/c[iv] 

= { definitions } 

/G[/F[y]] 

<[> { value-/? } 

y 

m { definitions } 

N 

Thus we can conclude T h M <[> N, or equivalently 
let r in M <j> let F in N. We expand this out and ap¬ 
ply garbage collection to remove the unused bindings: 

let {s = F[/G[®]]> in/G[s] <> let {y = G[/F[j/]]} in y 

By applying a-renaming and weakening we obtain the de¬ 
sired result. The second rule we prove is letrec-fusion, anal¬ 
ogous to fixed-point fusion. For any value contexts F, G, we 
have the following implication: 

H[/F[®]] > G[/H[®]] 

let {x= F[ K ]} in H[i] fc let {x = G[i]} in x 

For the proof, we assume the premise and proceed by 
improvement induction. Let T = {x = F[a:], ?/ = G[y]}, 
M = /H[x], N = y, C = G. The premises are proved by: 

T\-M 

E {by definitions } 

/H[x] 

<3t> { value beta } 

~/H[/F[s:]] 

> {by assumption } 

~ /G[/H[x]] 
a { definition } 

/C [M] 

and 

r h /c[iv] 

a {by definitions } 

/G[y] 

{ value beta } 

~ y 

a { definition } 

N 
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Thus we conclude that T b M > N. Expanding and applying 
garbage collection, we obtain the following: 

let {x = F[x]} in/H[x] > let y = G[y] in y 

Again we obtain the desired result via weakening and a- 
renaming. As improvement induction is symmetrical, we 
can also prove the following dual fusion law, in which the 
improvement relations are reversed: 

H[/F|af]] <| G[/H[a;]|: 

let {x= F[x]} in H[x] g let {x = G[®]} in x 

For both the rolling and fusion rules, we first proved 
a version of the conclusion with normal improvement, and 
then weakened to weak improvement. We do this to avoid 
having to deal with ticks, and because the weaker version is 
strong enough for our purposes. 

Moran and Sands also prove their own fusion law. This 
law requires that the context El satisfy a form of strictness. 
Specifically, For any value contexts F, G and fresh variable x, 
we have the following implication: 

M[¥[x}] > G[H[®]] A strict (H) 

let {® = F[®]} in C[H[*I). j> let {n:=<G[a:]} in C[x] 
This version of fusion has the advantage of having a stronger 
conclusion, but its strictness side-condition and lack of sym¬ 
metry make it unsuitable for our purposes. 

5.2 The Worker/Wrapper Improvement Theorem 

Using the above set of rules, we can prove the follow¬ 
ing worker/wrapper improvement theorem, giving conditions 
under which a program factorisation is a time improvement: 
Theorem 2 (Worker/Wrapper Improvement). 

Given value contexts Abs, Rep, F, G for which x is free 
satisfying one of the assumptions 

(A) Abs[Rep[®]] <> x 

(H) Abs[Rep[F[®]]] <> F[x] 

(C) let x= Abs[Rep[F[®]]] in ®l> let x = F[x] in x 
and one of the conditions 

(I) G[x] 3 Rep[F[Abs[®]]] 

(2) G[/Rep[®]] < Rep[/F[®]] 

(3) Abs[/G[®]] <F[/Abs[®]j 

(1/3) let x = G[x] in x <s let x= Rep[F[Abs[®]]] in x 

(2/3) let x = G[®] in x g let x = F[x] in Rep[®] 
we have the improvement 

let x = F[x] in x g let x = G[x] in Abs[®] 

Given a recursive program let x = F[x] in x and abstrac¬ 
tion and representation contexts Abs and Rep, this theorem 
gives us conditions we can use to derive a factorised program 
let x = G[x] in Abs[®]. This factorised program will be at 
worst a constant factor slower than the original program, but 
can potentially be asymptotically faster. In other words, we 
have conditions that guarantee that such an optimisation is 
“safe” with respect to timemerformance. 

The proof given in [|25| for the original factorisation 
theorem centers on the use of the rolling and fusion rules. 
Because we have proven analogous rules in our setting, the 
proofs can be adapted fairly straightforwardly, simply by 
keeping the general form of the proofs and using the rules 


of improvement theory as structural rules that fit between 
the original steps. The details are as follows. 

We begin by noting that (A) =>■ (B) =$■ ( C ), as in the 
original case. The first implication (A) =>■ ( B ) no longer 
follows immediately, but the proof is simple. Leting y be a 
fresh variable, we reason as follows: 

Abs[Rep[F[y]]] 

<r> { garbage collection, value-/! } 

~let x = F[j/] in Abs[Rep[®]] 

<> {(A)} 

"let ® = F[y] in a: 

o { value- ; fl, garbage collection } 

**[»] 

The final step is to observe that as both x and y are fresh, we 
can substitute one for the other and the relationship between 
the terms will remain the same. Hence, we can conclude ( B ). 

As in the original theorem, we have that (1) implies 
(1/3) by simple application of substitution, (2) implies (2/9) 
by fusion and (3) implies the conclusion also by fusion. 
Under assumption (C), we have that (1/9) and (2/3) are 
equivalent. We show this by proving their right hand sides 
cost-equivalent, after which we can simply apply transitivity, 
let x = F[x] in Repfx] 

<> { value-/3 } 

“let ® = F[®] in Rep[F[®]] 
o { value let-floating } 

~Rep[F[let x = F[s] ini]] 

<> {(C)} 

~Rep[F[let x= Abs[Rep[F[a:]]] in ®]] 

<j> { value let-floating } 

"let x = Abs[Rep[F[a:]]] in Rep[F[s]] 

O { rolling } 

“let x= Rep[F[Abs[a:]]] ini 

Finally, we must show that condition (1/3) and assump¬ 
tion (C) together imply the conclusion. This follows exactly 
the same pattern of reasoning as the original proof, with the 
addition of two applications of value-let floating: 
let x = F[x] in x 

{(C)} 

"let x = Abs[Rep[F[a:]]] in x 
<[> { rolling } 

“let x= Rep[F[Abs[a:]]] in Abs[a;] 

{ value let-floating } 

~Abs[let x = Rep[F[Abs[a:]]] in x] 

& {am 

Abs [let x = G[®] in x] 

{ value let-floating } 
let x = G[x] in Abs]®] 

We conclude this section by discussing a few important 
points about the worker/wrapper improvement theorem and 
its applications. Firstly, we note that the condition (A) will 
never actually hold. To see this, we let U be a divergent 
term; that is, one that the abstract machine will never 
finish evaluating. By substituting into the context let x = 
fi in [ —], we obtain the following cost-equivalence: 

let x= fl in Abs[Rep[®]] <®> let x = in x 

This is clearly false, as the left-hand side will terminate 
almost immediately (as Abs is a value context), while the 
right-hand side will diverge. Thus we see that assumption 
(A) is impossible to satisfy. We leave it in the theorem 
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for completeness of the analogy with the earlier theorem 
from section |3.l| . In situations where (A) would have been 
used with the earlier theory, the weaker assumption ( B) 
can always be used instead. As we will see later with the 
examples, frequently only very few properties of the context 
F will be used in the proof of ( B ). A typed improvement 
theory might allow these properties to be assumed of x 
instead, thus making (A) useful again. 

Secondly, we note the restriction to value contexts. This 
is not actually a particularly severe restriction: for the com¬ 
mon application of recursively-defined functions, it is fairly 
straightforward to ensure that all contexts be of the form 
Xx —>■ C. For other applications it may be more difficult to 
find Abs and Rep contexts with the required relationship. 

Finally, we note that only conditions (2) and (3) use nor¬ 
mal improvement, with all other assumptions and condi¬ 
tions using the weaker version. This is because weak im¬ 
provement is not strong enough to permit the use of fusion, 
which these conditions rely on. This makes these conditions 
harder to prove. However, when these conditions are used, 
their strength allows us to narrow down the source of any 
constant-factor slowdown that may take place. 

6. Examples 

6.1 Reversing a List 

In this section we shall demonstrate the utility of our theory 
with two practical examples. We begin by revisiting the 
earlier example of reversing a list. In order to apply our 
theory, we must first write reverse as a recursive let: 

reverse = let {/= Revbody [J] } in / 

Revbody[M] = Xxs —> case xs of 

LML 

(y ■ ys) 3- M ys- H- [y] 

The abs and rep functions from before give rise to to the 
following contexts: 

Abs[M] = A xs^M xs[] 

Rep[M] = Xxs ->• Xys M xs-W-ys 

We also require some extra theoretical machinery that 
we have yet to introduce. To start with, we must assume 
some rules about the append operation -H-. The following 
associativity rules were proved by Moran and Sands |15|. 

(xs -H- ys) -H- zs > xs -H- (ys -H- zs) 

xs -H- (ys -If zs) g (xs -H- ys) -H- zs 

We assume the following identity improvement as well, 
which follows from theorems also proved in [^5[: 

[] -H- » fc »» 

We also require the notion of an evaluation context. An 
evaluation context is a context where evaluation is impossi¬ 
ble unless the hole is filled, and have the following form: 

E ::= A 

| let { x = M} in A 
| let { y = M ; 

xo = Ao[a:i]; 
xi = Aifa^]; 

Xn = A ra } 
in A[® 0 ] 


j case A of {a x) -> Mi} 

Note that a context of this form must have exactly one hole. 
The usefulness of evaluation contexts is that they satisfy 
some special laws. We use the following in this example: 
E[/M] 

<J> { tick floating } 

~/E [M] 


E[case M of {cixi-tJVi}] 
o { case floating } 

~case M of { a x) -» E[ N t ] } 


E[let {i = M}inJV] 

<]> { let floating } 

let {x = M } in E[/V] 

We conclude by noting that while the context [ — ] -ti-ys is not 
strictly speaking an evaluation context (as the hole is in the 
wrong place), it is cost-equivalent to an evaluation context 
and so also satisfies these laws. The proof is as follows: 


[—] -H -ys 

a { desugaring } 

(let {>= [-]} in (4f) xs) ys 
<J> { let floating [ —] ys} 

let {zs = [-]} in (-H-) xs ys 
<> { unfolding -H- } 

~let {**=[-]} in 
/case xs of 

(z : zs) ->■ let {rs = (-H-) zs ys} in z : rs 
<t> { desugaring tick and collecting lets } 

~let {*»=[-]; 
r = case xs of 
[] -a ys 

(z ■■ zs)-¥ let {rs = (-H-) zs ys} in 2 : rs 


Now we can begin the example proper. We start by 
verifying that Abs and Rep satisfy one of the worker/wrapper 
assumptions. While earlier we used (A) for this example, the 
corresponding assumption for worker/wrapper improvement 
is unsatisfiable. Thus we instead verify assumption (B). The 
proof is fairly straightforward: 


A bs [ Re p [ Re v bod y [/| ] ] 
a { definitions } 

Xxs —y (Xxs a Xys a Revbody [f\ xs -H- ys) xs [] 
<[> { /3-reduction } 

Xxs a- Revbody [f\ xs -H- [] 
a { definition of Revbody } 

Xxs (Xxs —> case xs of 

[l-*[] 

(y ■ ys) -t /ys -H- [y]) ®s-h- [] 

<]> { /3-reduction } 

Xxs a- (case xs of 

[]->[] 

(y ■ ys) -t /ys -H- [y]) -H- [] 

<[> { case floating [-] -H- [] } 


(fw»-H-[v])-H-[] 
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A xs -4 A ys 


<> { associativity is weak cost equivalence } 

~A xs -4 case xs of 

( y ■ ys) / ys -h- ([y] -h- []) 

<> { evaluating [] -H- [], [ y] -H- [] } 

(y ■ ys)f ys-ti-[y] 

gS { definition of revbody } 

Revbody [f\ 

As before, we use condition (2) to derive our G. The deriva¬ 
tion is somewhat more involved than before, requiring some 
care with the manipulation of ticks. 

Rep[/Revbody [/| ] 

3 { definitions } 

A xs -4 A ys —> 

(/A xs 3- case xs of 

[]-/[] 

(z : zs) -4 fzs -H- [ 2 ]) xs -H- ys 
<]> { float tick out of [—] xs -H- ys } 

A xs -4 A ys —> 

/ ((A xs -4 case xs of 

n-+n 

(z : zs) -4 fzs -H- [ 2 ]) xs -H- ys) 

<]> { /3-reduction } 

A xs —>■ A ys —>- / ((case xs of 

(z : zs)->fzs-H-[z])-H-ys) 

<£■ { case floating [—] -H- ys } 

A xs —>■ A ys —>- / (case xs of 

[] 3- [] -tt-2/s 

(z : zs) ->■ (fzs-H-[z])-H-ys) 

> { associativity and identity of -H- } 

Xxs —> A ys -4 / (case xs of 

[] ys 

( Z : 

> { evaluating [y\ -H- ys } 

A xs -4 Xys -4 / (case xs of 

[] ys 

(z : zs) -4 / 2 s -H- (2 : ys)) 

<> { case floating tick (*) } 

Xxs Xys case xs of 
0 ->■ Sys 

(z : zs) 3- Stfzs-H- [z : ys)) 

> { removing a tick } 

Xxs —>• Xys —»• case xs of 

[] ->■ ys 

(z : zs) S(fzs-tt- (z : ys)) 

<> { desugaring } 

Xxs —> Xys —»• case xs of 

[] ys 

(z : zs) 3- 

/ (let ws=(z : ys) in 
/zsdf ws) 

<> { /3-expansion } 

Xxs —> Xys case xs of 
[] -t ys 
{z : zs) 

/let ws= (z : ys) in 

(A as —y Xbs —y f as -H- 6s) zs ws 
<> { tick floating [ — ] zs ws } 


[] ->■ ys 

(z : zs) 3 
let ws = (z : ys) in 

(/A as —> Xbs —>• / as -fl- bs) zs ws 
3 { definition of Rep } 

Xxs Xys case xs of 

[] -t ?/* 

let ws — (z : ys) in 
(/Rep[/]) zs ws 

= { taking this as our definition of G } 

G[/Re P [f\] 

The step marked ★ is valid because /[—] is itself an eval¬ 
uation context, being syntactic sugar for let x = [— ] in x. 
Thus we have derived a definition of G, from which we create 
the following factorised program: 

reverse = let {rec = G[rec]} in Abs[ rec] 

G[ree] = Xxs —► Xys 3- case xs of 

U^ys 

[z : zs) 3- let ws = (z : ys) in 

Expanding this out, we obtain: 
reverse = let { rec = 

Xxs -4 Xys -4 case xs of 

[] ->• ys 

(z : zs) 3- let ws = (z : ys) in 

The result is an implementation of fast reverse as a recursive 
let. The calculations here have essentially the same structure 
as the correctness proofe, with the addition of some admin¬ 
istrative steps to do with the manipulation of ticks. 

To illustrate the performance gain, we have graphed 
the performance of the original Reverse function against 
the optimised version ixL-Jigure g. We used the Criterion 
benchmarking library [Jlf| with a range of list lengths to 
compare the performance of the two functions The resulting 
graph shows a clear improvement from quadratic time to 
linear. We chose to use relatively small list lengths for our 
graphs, but the trend continues for larger values. 

6.2 Tabulating a Function 

Our second example is that of tabulating a function by 
producing a stream (infinite list) of results. Given a function 
/that takes a natural number as its argument, the tabulate 
function should produce the following result: 

t/0,/1,/2,/3,... 

This function can be implemented in Haskell as follows: 
tabulate /=/0 : tabulate (/o (+1)) 

This definition is inefficient, as it requires that the argument 
to / be recalculated for each element of the result stream. 
Essentially, this definition corresponds to the following cal¬ 
culation, involving a significant amount of repeated work: 

[/0,/(0 + l),/((0 + 1) + l),/(((0 + 1) + 1) + 1),... 

We wish to apply the worker/wrapper technique to im¬ 
prove the time performance of this program. The first step 
is to write it as a recursive let in our language: 
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Figure 2. Performance comparisons of reverse and tabulate 


tabulate = let {h = F[h]} in h 
F [M] = A/ —> let {/ = Ax —f 

let {d = x + 1} in /a/} 
infO : Mf 

Next, we must devise Abs and Rep contexts. In order to 
avoid the repeated work, we hope to derive a version of the 
tabulate function that takes an additional number argument 
telling it where to “start” from. The following Abs and Rep 
contexts convert between these two versions: 

Abs [M] = A/^M0/ 

Rep[M] = An —1- A/—»• let {/ = Ax-> 

let {d = x T n} 



Once again, we must introduce some new rules before we 
can derive the factorised program. Firstly, we_require the 
following two variable substitution rules from [|15| : 

let {x = y } in C [x] O let {x = y} in C [y] 
let {x = y} in C [y] <t> let {x = y} in C [x] 

Next, we must use some properties of addition. Firstly, we 
have the following identity properties: 

x T 0 <!E> x 
0 + x«>x 

We also use the following property, combining associativity 
and commutativity. We shall refer to this as associativity 
of +. Where t is not free in C, we have: 

let {t— x+ y} in 
let { r = t + z} inC[r] 

<t> 

let {t= z+ y} in 

let {r=x+t} inC[r] 

Finally, we use the fact that sums may be floated out of 
arbitrary contexts. Where z does not occur in C, we have: 

C [let {z= y+ x} in M ] «> let {z= y+ x} in C [M] 


Now we can begin to apply worker/wrapper. Firstly, we 
verify that Abs and Rep satisfy assumption ( B ). Again, this 
is relatively straightforward: 

Abs[Rep[F[h]]] 

S { definitions } 

A/-)- (An -+ A/-> let {/ = Ax^ 

let {x' = xT n} 
in/x'} 

in F[ft] f) 0 f 

{ /3-reduction } 

A/ —>■ let {/ = Ax —» 

let (x' = X+ 0} 
in/x'} 

in F[A] / 

<> { x+0 <> x } 

~Xf —>■ let {/~= Ax —»• 

let { x' = x} 
in/x'} 

in F[A] / 

<t> { variable substitution, garbage collection } 

^A/ -¥ let {/ = Ax —> / x} 
in F[A] / 

= { defintion of F } 

A/ -¥ let {/ = Ax —>■ /x} 
in (A/-+ let {/' = Ax^ 

let (x' = x+ 1} in/x} 
in/0 : hf')f 
<t> { /3-reduction } 

~A/ let {/ = Ax —> /x} 
in let {/' = Ax —)• 

let { x' = x + 1} in / x'} 

m/0 :hf 

<3t> { value-^ on / } 

~A/ —> let {/' = Ax —)■ 

let (x' = x+ 1} in (A x-tfx) x'} 
in (Ax—>/x)0 : hf 
<10 { /3-reduction } 

~A/ let {/' = Ax—> 

let {x' = x+l} in/x'} 
in /0 : hf 
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Ip { definition of F } 

m 

Now we use condition (2) to derive the new definition of 
tabulate. This requires the use of a number of the properties 
that we presented earlier: 


Rep[/F[A]] 

= { definitions } 

An —> A/ —>■ let {/ = Xx —> 

let { a/ = x + n} 
in f orf } 

in C\f^ let {/' = Ax ^ 

let {f = x-\- 1} in/ 3 !'} 

in/0 : hf')f 
<][> { tick floating [ — ] / } 

An —> A/-> let {/ = Xx —> 

let { 3 / = x + n} 
in/a/} 

in/(A/-+let {/' = **->• 

let {a/' = x + 1} in/ a/' } 

in/0 : hf')f 

<x> { /3-reduction } 

An —¥ A/—»• let {/ = Aa; —>■ 

let { 3 ! = x + n} 

in/a/} 

in/let {/' = \x-> 

let {x" = X+ 1} in/ x"} 
in / 0 : hf 

<> { value-/? on /, garbage collection } 

An —>• A/— »• /let {/' = Ao; —>■ 
let {a:' = x + 1} in 
(/Aa; —¥ 

let (a:" = x+ n} 
in /a/') a/} 

in (/Aa;— let {a:" = x+ n} 
in /a/') 0 : hf 

> { removing ticks, /3-reduction } 

An —y A/— >• /let {/' = Xx —► 

let {a/ = a:+ 1} in 
let (a/' = a/ + n} 
in /a/'} 

in (let (a/' = 0 + n} 
in /a/') : A/' 

<ii> { associativity and identity of + } 

An —y A/—>• /let {/' = \x—> 
let { n' = n + 1} in 
let { a/' = a: + n' } 
in /a:"} 
in (let (a:" = n} 
in /a/') : A/' 

> { variable substitution, garbage collection } 

An —¥ A/— »• /let {/' = Xx —► 

let { n! = n + 1} in 
let (a/' = a;+ n'} 
in /a;"} 
in/n : A/' 

<> { value let-floating } 

~An —¥ A/—>• / n : 

/let {/' = Aa; ->■ 
let { n' = n + 1} in 
let (a/' = a;+ n'} 
in /a;"} 


in hf 

{ sums float } 

\n —>■ A/—> / n : 
let { n' = n + 1} in 
/let {f = \x^ 
let (a/' = a: + n'} 
in /a/'} 
in A/' 

{ /3-expansion, tick floating } 
\n—t\f—>fn : 
let { n' = n + 1} in 
(/An —»■ A/—>• let {/' = Ao :-4 

let { a/ = a; + n} 
in/a/} 


in A /') n' f 

3 { definition of Rep } 

An—> A/->/n : 
let { n' = n + 1 } in 
(/Rep[A]) n' f 

3 { taking this as our definition of G } 

G[/Rep[A]] 


Thus we have derived a definition of G, from which we create 
the following factorised program: 


tabulate = let {A = G[A]} in Abs[A] 

G[M] = \n—> \f—> fn : let { n' = n + 1 } in M n' / 


This is the sa me optimised tabulate function that was 
proved correct in [g_oj] , and the proofs here have a similar 
structure to the correctness proofs from that paper, except 
that we have now formalised that the new version of the 
tabulate function is indeed a time improvement of the orig¬ 
inal version. We note that the proof of ( B ) is complicated 
by the fact that ^-reduction is not valid in this setting. In 
fact, if we assumed ^-reduction then our proof of (B) here 
could be adapted into a proof of (A). 

We demonstrate the performance gain in Figure g again 
based on Criterion benchmarks. This time, we keep the same 
input (in this case the function A n —> n * n), but vary 
how many elements of the result stream we evaluate. Once 
again, we have an improvement from quadratic to linear 
performance, and the trend continues for larger values. 


7. Related Work 

We divide the related work into three sections. Firstly, we 
discuss various approaches to the operational semantics of 
lazy languages. Secondly, we discuss the history of improve¬ 
ment theory. Finally, we discuss other approaches that have 
been used to formally reason about efficiency. 

7.1 Lazy Operational Semantics 

The notion of call-by- need, evaluation was first introduced 
in 1971 by Wadsworth |30|. However, the semantics most 
widely regarded as the definition oLcall-by-rieed is the natu¬ 
ral semantics due to Launchbury [|T| , which was later used 
by Sestoft to derive the virtual machine semantics we use 
in this paper |g7|. Ariola, Felleisen, Maraist, Odersky and 
Wadler presented a call-by-need lambda calculus |lj, with 
operational semantics based on reductions between terms in 
the source language. This calculus supports an equational 
theory. However, Moran and Sands showed that this eniia- 
tional theory is subsumed by weak cost-equivalence |15|. 


105 


7.2 Improvement Theory 

Improvement theory was originally developed in 1991 by 
Sands [|2l[, and applied in a call-by-name setting. In 1997 
this was generalised to a wide class xilcall-by- name and call- 
by-value languages, also by Sands |22|. This theory was also 
applicable to a general class of resources, rather than just 
space and time. The theory for lazy lang uag es was developed 
by Moran and Sands for time efficiency jl5| and Gustavsson 
and Sands for space efficiency [g, g . Since the last of these 
papers was published in 2001, there does not seem to have 
been much work on improvement theory. We hope that this 
paper can help to regenerate interest in this topic. 

7.3 Formal Reasoning About Efficiency 

Okasaki 0 uses techniques of amortised cost analysis to 
reason about the asymptotic time complexity of lazy func¬ 
tional data structures. This is achieved by modifying anal¬ 
ysis techniques such as the Banker’s Method, where the no¬ 
tion of credit is used to spread out the notional cost of an 
expensive but infrequent operations over more frequent and 
cheaper operations. The key idea in Okasaki’s work is to 
invert such techniques to use the notion of debt. This al¬ 
lows the analyses to deal with the persistence of data struc¬ 
tures, where the same structure may exist in multiple ver¬ 
sions at once. While credit may only be spent once, a single 
debt may be paid off multiple tunes (in different versions 
of the same structure) without risking bankruptcy. These 
techniques have been used to analyse the asymptotic per¬ 
formance of a number of functional data structures. 

Sansom and Peyton Jones [|24j give a presentation of 
the GHC profiler, which can be used to measure time as 
well as space usage of Haskell programs. In doing so, they 
give a formal cost semantics for GHC Core programs based 
around the notion of cost centres. Cost centres are a way 
of annotating expressions, so that the profiler can indicate 
which parts of the source program cost the most to execute. 
The cost semantics is used as a specification to develop 
a precise profiling framework, as well as to prove various 
properties about cost attribution and verify that certain 
program transformations do not affect the attribution of 
costs, though they may of course reduce cost overall. Cost 
centres are now widely-used in profiling Haskell programs. 

Hope |gd| applies a technique based on instrumenting an 
abstract machine with cost information to derive a cost se¬ 
mantics for call-by-value functional programs. More specifi¬ 
cally, starting from a denotational semantics for the source 
language, one derives an abstract machine for this language 
using standard program transformation techniques, instru¬ 
ments this machine with cost information, and then reverses 
the derivation to arrive at an instrumented denotational se¬ 
mantics. This semantics can then be used to reason about 
the cost of programs in the high-level source language with¬ 
out reference to the details of the abstract machine. This 
approach was used to calculate the space and time cost of a 
range of programming examples, as well as to derive a new 
deforestation theorem for hylomorphisms. 

8. Conclusion 

In this paper, we have shown how improvement theory can 
be used to justify the worker/wrapper transformation as a 
program optimisation, by formally proving that, under cer¬ 
tain natural conditions, the transformation is guaranteed 
to preserve or improve time performance. This guarantee 
is with respect to an established operational semantics for 


call-by-need evaluation. We then verified that two examples 
from previous worker/wrapper papers met the preconditions 
for this performance guarantee, demonstrating the use of our 
theory while also verifying the validity of the examples. This 
work appears to be the first time that rigorous performance 
guarantees have been given for a general purpose optimisa¬ 
tion technique in a call-by-need setting. 

8.1 Further Work 

As well as for fixed points, worker/wrapper theories also exj- 
ist for more structured recursion operators such as folds [|13| 
and unfolds [JltJ. Though the theory we present here can 
be specialised to such operators, it may be beneficial to in¬ 
vestigate this more closely, as doing so may reveal more 
interesting and subtle details yet to be uncovered. 

As we mentioned earlier in this paper, a typed theory 
would be more useful, allowing more power when reasoning 
about programs. This would also match more closely with 
the original worker/wrapper theories, which were typed. 
The key barrier to this is that there is currently no typed 
improvement theory, so such a theory would have to be 
developed before the theory here could be made typed. 

The theory we present here only applies to time efficiency. 
Gustavsson and Sands have developed an improvement the¬ 
ory for space [g, g], so this would be an obvious next step 
for developing our theory. More generally, we could apply a 
technique such as that used by Sands |22| to develop a the¬ 
ory that applies to a large class of resources, and examine 
which assumptions must be made about the resources we 
consider for our theory to apply. 

Assumptions (A), ( B ) and (C) are written as weak cost- 
equivalences, which limits the scope of our theory to cases 
where Abs and Rep are fairly simple. We would like to also 
be able to cover cases where the Abs and Rep contexts cor¬ 
respond to expensive operations, but the extra cost is made 
up for by the overall efficiency gain of the transformation. 
To cover such cases, we would require a richer version of im¬ 
provement theory that is able to quantify how much better 
one program is than another. 

As our examples show, the calculations required to de¬ 
rive an improved program can often be quite involved. The 
HERMIT sjistem, devised by a team at the University of 
Kansas [g, j26| , facilitates program transformations by pro¬ 
viding an interactive interface for program transformation 
that verifies correctness. If improvement theory could be in¬ 
tegrated into such a system, it would be significantly easier 
to apply our worker/wrapper improvement theory. 

Finally, we are working on a general worker/wrapper the¬ 
ory that willjpply to any operator with the property of 
dinaturality |5[. It is also interesting to consider whether 
such a general categorical approach can be applied to an 
operational theory. If this is the case, dinaturality may also 
provide the necessary machinery to unify the denotational 
(correctness) and operational (efficiency) theories, which as 
we have already observed in this paper are very similar in 
terms of their formulations and proofs. Voigtlander and Jo¬ 
hann used parametricity to justify program transformations 
from a perspective of observational approximation |29|. It 
may be productive to investigate whether their techniques 
can be applied to a notion of improvement. 
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